N/A

private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.

N/A

使用共享资源的并发执行不恰当同步问题(竞争条件)

private_address_check ruby gem 竞争条件漏洞

private_address_check ruby gem是一款基于Ruby的服务器端请求伪造攻击检查工具。 private_address_check ruby gem 0.5.0之前版本中存在竞争条件漏洞，该漏洞源于程序没有检测套接字所使用的地址。攻击者可通过发送特制的请求利用该漏洞造成应用程序崩溃。

N/A

N/A